Unauthorized Remote Reboot and Function Execution in MusicCenter / Trivum Multiroom Setup Tool V8.76

Unauthorized Remote Reboot and Function Execution in MusicCenter / Trivum Multiroom Setup Tool V8.76

CVE-2018-13858 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

Learn more about our Web Application Penetration Testing UK.